<?php

class UsersController extends AppController {

    var $name = 'Users';
    var $components = array('Email'); 
    function index() {
        $this->User->recursive = 0;
        $this->set('users', $this->paginate());
    }

    function view($id = null) {
        if (!$id) {
            $this->Session->setFlash(__('Invalid user', true));
            $this->redirect(array('action' => 'index'));
        }
        $this->set('user', $this->User->read(null, $id));
    }

    function add() {
        if (!empty($this->data)) {
            $this->User->create();
            if ($this->User->save($this->data)) {
                $this->Session->setFlash(__('The user has been saved', true));
                $this->redirect(array('action' => 'index'));
            } else {
                $this->Session->setFlash(__('The user could not be saved. Please, try again.', true));
            }
        }
        $groups = $this->User->Group->find('list');
        $this->set(compact('groups'));
    }

    function edit($id = null) {
        if (!$id && empty($this->data)) {
            $this->Session->setFlash(__('Invalid user', true));
            $this->redirect(array('action' => 'index'));
        }
        if (!empty($this->data)) {
            if ($this->User->save($this->data)) {
                $this->Session->setFlash(__('The user has been saved', true));
                $this->redirect(array('action' => 'index'));
            } else {
                $this->Session->setFlash(__('The user could not be saved. Please, try again.', true));
            }
        }
        if (empty($this->data)) {
            $this->data = $this->User->read(null, $id);
        }
        $groups = $this->User->Group->find('list');
        $this->set(compact('groups'));
    }

    function delete($id = null) {
        if (!$id) {
            $this->Session->setFlash(__('Invalid id for user', true));
            $this->redirect(array('action' => 'index'));
        }
        if ($this->User->delete($id)) {
            $this->Session->setFlash(__('User deleted', true));
            $this->redirect(array('action' => 'index'));
        }
        $this->Session->setFlash(__('User was not deleted', true));
        $this->redirect(array('action' => 'index'));
    }

    function beforeFilter() {
        parent::beforeFilter();
        // $this->Auth->allow(array('*'));
        $this->Auth->allowedActions = array('forgotpassword');
    }

    function initDB() {
        $group = & $this->User->Group;
        //Allow admins to everything
        $group->id = 1;
        $this->Acl->allow($group, 'controllers');

        //allow managers to posts and widgets
        $group->id = 2;
        $this->Acl->allow($group, 'controllers');
        $this->Acl->deny($group, 'controllers/Stocks');
        $this->Acl->deny($group, 'controllers/Timesheets/delete');
        $this->Acl->deny($group, 'controllers/Clients/delete');
        $this->Acl->deny($group, 'controllers/Users/delete');
        $this->Acl->deny($group, 'controllers/Users/edit');
        $this->Acl->deny($group, 'controllers/Users/add');

        //we add an exit to avoid an ugly "missing views" error message
        echo "all done";
        exit;
    }

    function login() {
        if ($this->Session->read('Auth.User')) {
            $this->Session->setFlash('You are logged in!');
            $this->redirect('/', null, false);
        }
    }

    function logout() {
        $this->Session->setFlash('Good-Bye');
        $this->redirect($this->Auth->logout());
    }

    function forgotpassword() {
        if (!empty($this->data)) {
            $this->User->recursive = 0;
            $user = $this->User->findByEmail($this->data['User']['email']);
            if ($user) {$user['User']['tmp_password'] = $this->User->createTempPassword(7);
                $user['User']['password'] = $this->Auth->password($user['User']['tmp_password']);
                $this->Session->setFlash('Your new password is' .$this->Auth->password($user['User']['tmp_password']). 'Please use that to log in');
                if ($this->User->save($user, false)) {
                    // send a mail to finish the registration 
                    $this->Email->to = $this->data['User']['email'];
                    $this->Email->subject = 'Tech Head new password';
                    $this->Email->replyTo = '[hidden email]';
                    $this->Email->from = 'Tech Head New Password <[hidden email]>';
                    $this->Email->sendAs = 'text';
                    $this->Email->charset = 'utf-8';
                    $body = "Please visit  http://localhost/simple/users/login. Your new password: {$user['User']['tmp_password']}";

                    if ($this->Email->send($body)) {
                        $this->Session->setFlash(__('Your new password has been sent, please check your inbox', true), 'warning');
                    } else {
                        $this->Session->setFlash(__('Failed to send the confirmation email. Please contact the administrator at support@xxx', true), 'error');
                    }
                    $this->redirect(array('controller' => 'users', 'action' => 'login'));
                }
            } else {
                $this->Session->setFlash('No user was found with the submitted email address.');
            }
        }
    }

}

?>